Hi, On Wed, Dec 16, 2015 at 03:12:52PM +0100, Ralf Hildebrandt wrote: > * Samuli Seppänen <sam...@openvpn.net>: > > > This release includes many small improvements and fixes. The biggest > > change is the addition of --block-outside-dns option, which can be used > > to fix DNS leaks in Windows 8.1 and 10. > > Where's the docs for that?
"man openvpn" has a bit
.B \-\-block\-outside\-dns
Block DNS servers on other network adapters to prevent
DNS leaks. This option prevents any application from accessing
TCP or UDP port 53 except one inside the tunnel. It uses
Windows Filtering Platform (WFP) and works on Windows Vista or
later.
> What I need to know is:
>
> * does it work on Win32 only (ignoring it on osx/linux is ok)
Yes. But you need to either push it, or configure it as
setenv opt block-outside-dns
which will make the "unrecognized option" bit a warning only, not a fatal
(when pushed, it's always warning-only)
Plus, it only works on Vista+, so on XP it will trigger an error (or warning,
same rules as for the option itself on Linux/Mac)
> * do I need to change the config on the client or can that be pushed from the
> server?
Can be pushed.
It might need to be pushed along with "register-dns", or a configured --up-
script that does "ipconfig /registerdns" to make sure that Windows really
really understands that "hey, there is new nameservers, please USE THEM!!!"
- otherwise some testers reported DNS latencies in the first few minutes
of VPN usage.
(Lev, Valdikss, feel free to chime in and explain better)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
